Securely passing arguments when opening a pipe to a program
Joonas Paalasmaa
joonas at olen.to
Fri Mar 1 15:14:13 EST 2002
I am using Gnokii to send SMS messages with Python. Gnokii is started
with
popen2.popen2 like this:
gnokiiRead, gnokiiWrite = popen2.popen2("gnokii --sendsms %s" %
phonenumber)
gnokiiWrite.write(message)
gnokiiWrite.close()
response = gnokiiRead.read()
gnokiiRead.close()
The problem is that the phonenumber string is not safe; it can even be
"000; rm -fR ~/*". How can I securely pass arguments when opening the
pipe?
Is there a way to pass the arguments like in os.execv.
- Joonas
More information about the Python-list
mailing list